b'DEPARTMENT OF HOMELAND SECURITY\n\n    Office of Inspector General\n\n   Implementation Challenges Remain\n     In Securing DHS Components\xe2\x80\x99\n          Intelligence Systems\n\n            Unclassified Summary\n\n\n\n\nOIG-07-15                     December 2006\n                      1\n\x0c                                                                       U.S. Department of\n                                                                       Homeland Security\n                                                                       Washington, DC 20528\n\n\n\n\n                             Office of Inspector General\n                   Implementation Challenges Remain In Securing DHS\n                           Components\xe2\x80\x99 Intelligence Systems\n                                    OIG-07-15\n\n\nWe reviewed Top Secret/Sensitive Compartmented Information (TS/SCI) systems under\nthe Department of Homeland Security\xe2\x80\x99s (DHS) purview. We focused on DHS\xe2\x80\x99\ninformation assurance posture, including the policies and procedures in place for the\ndepartment\xe2\x80\x99s intelligence systems. We performed our work at the departmental and\norganizational component levels, focusing on the system security controls for a subset of\nintelligence systems, according to the requirements in Director of Central Intelligence\nDirective 6/3, Protecting Sensitive Compartmented Information Within Information\nSystems.\n\nThe objective of our evaluation was to determine whether DHS\xe2\x80\x99 information security\nprogram and practices are adequate and effective in protecting the information and the\nsystems that support DHS\xe2\x80\x99 intelligence operations and assets from unauthorized access,\nuse, disclosure, disruption, modification, or destruction. We also determined whether\nDHS\xe2\x80\x99 privacy program and related activities pertain to its intelligence systems, and\nidentified whether components have developed or incorporated requirements to protect\nintelligence system vulnerabilities into their classification guides. Furthermore, we\nconducted detailed assessments of security controls and documentation for DHS\xe2\x80\x99\nintelligence systems and assessed the mitigation of system security weaknesses\npreviously identified as a result of system security vulnerability assessments conducted\nfor a subset of intelligence systems in Fiscal Years 2004 and 2005. Fieldwork was\nconducted from May through August 2006.\n\nDHS formally established the Office of Intelligence and Analysis to implement the\ndepartment\xe2\x80\x99s Information Technology security program for its intelligence systems and\nassets. We also identified issues regarding the certification and accreditation of DHS\xe2\x80\x99\nintelligence systems; Plan of Action and Milestones process; incident detection, handling\nprocedures, reporting, and analysis process; and information security training and\nawareness program for all users of intelligence systems and specialized training for\nemployees with significant security responsibilities for DHS\xe2\x80\x99 intelligence systems. We\nrecommended that DHS formally grant the Office of Intelligence and Analysis\xe2\x80\x99 Chief\nInformation Officer the comprehensive authority to support the management, operation,\nand DCID 6/3 accreditation of the department\xe2\x80\x99s intelligence systems, excluding United\nStates Coast Guard intelligence data systems. DHS management agreed with our\nrecommendation and has begun taking actions to address the issues raised during our\nreview. (OIG-07-15, December 2006)\n\x0cAdditional Information and Copies\n\nTo obtain additional copies of this report, call the Office of Inspector General\n(OIG) at (202) 254-4100, fax your request to (202) 254-4285, or visit the OIG\nweb site at www.dhs.gov/oig.\n\nOIG Hotline\n\nTo report alleged fraud, waste, abuse or mismanagement, or any other kind\nof criminal or noncriminal misconduct relative to department programs or\noperations, call the OIG Hotline at 1-800-323-8603; write to DHS Office of\nInspector General/MAIL STOP 2600, Attention: Office of Investigations \xe2\x80\x93\nHotline, 245 Murray Drive, SW, Building 410, Washington, DC 20528; fax\nthe complaint to (202) 254-4292; or e-mail DHSOIGHOTLINE@dhs.gov.\nThe OIG seeks to protect the identity of each writer and caller.\n\x0c'